Create contrast-sca.yml

.github/workflows/contrast-sca.yml

@@ -0,0 +1,30 @@
+name: Contrast Security SCA
+on:
+  pull_request:
+    branches:
+      - "main"
+jobs:
+  Check-Dependency-Vulnerabilities:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4.1.5
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4.2.1
+        with:
+          java-version: '11'
+          distribution: 'adopt'
+
+      - name: build jar
+        run: |
+          mvn clean install -DskipTests
+      - name: Contrast SCA Action
+        uses: Contrast-Security-OSS/contrast-sca-action@v2.0.10
+        with:
+          apiKey: ${{ secrets.CONTRAST_API_KEY }}
+          orgId: ${{ secrets.CONTRAST_ORGANIZATION_ID }}
+          authHeader: ${{ secrets.CONTRAST_AUTH_HEADER }}
+          apiUrl: ${{ secrets.CONTRAST_API_URL }}
+          filePath: mypath/to/config/files
+          severity: medium
+          fail: true